The Failure to Prevent Fraud Offence – be prepared to avoid criminal liability

The failure to prevent fraud offence is a new corporate offence which has come into force on 1 September 2025 – as a result of the Economic Crime and Corporate Transparency Act 2023 (ECCTA). This offence welcomes a shift from simply responding to corporate fraud, to actively preventing it. As such, organisations will need to ensure sufficient prevention procedures are in place to avoid criminal liability.

What is the new offence?

According to the Home Office guidance published November 2024, “an organisation may be criminally liable where an employee, agent, subsidiary or another “associated person”, commits a fraud intending to benefit the organisation and the organisation did not have reasonable fraud prevention procedures in place”. In some cases, the organisation can be criminally liable where the fraud offence was committed with the intention to benefit a client of the organisation.

Who is an “associated person”?

An “associated person” includes any individual providing services for or on behalf of the relevant body.

What does “intending to benefit” mean?

“Intending to benefit” means the organisation does not need to receive any actual benefit from the fraudulent offence, and the same goes for the client of the organisation. It is also worth highlighting, “intending to benefit” an organisation does not need to be the sole incentive or primary driving force in committing the offence. If the fraudulent actions of an individual happen to also benefit the organisation as a consequence of their primary motive, the organisation can still be found liable.

What organisations does this offence apply to?

This offence applies to large organisations which is defined in section 201 of ECCTA as those organisations that satisfy two or more of the following:

• Turnover – more than £36 million
• Balance sheet total – more than £18 million
• Number of employees – more than 250

These conditions will apply to the financial year which precedes the year of the offence.

What fraud-based offences are included?

• Fraud offences under sections 1, 2, 3 and 4 of the Fraud Act 2006
• Participating in fraudulent business (per section 9, Fraud Act 2006)
• Obtaining services dishonestly (per section 11, Fraud Act 2006)
• Cheating the public revenue (common law)
• False accounting (section 17, Theft Act 1968)
• False statements by company directors (section 19, Theft Act 1968)
• Fraudulent trading (section 993 Companies Act 2006)

Is there a defence?

As confirmed by sections 199(4) and (5) of ECCTA, the organisation will have a defence if, at the time the fraud offence was committed:

• The body had in place such prevention procedures as was reasonable in all the circumstances to expect the body to have in place, or
• It was not reasonable in all the circumstances to expect the body to have any prevention matters in place.

What “fraud prevention measures” should be in place?

As a guide, the Home Office has provided six principles which the relevant organisations should base their fraud prevention framework around. These are:

• Top level commitment
• Risk assessment
• Proportionate risk-based prevention procedures
• Due diligence
• Communication (to include training)
• Monitoring and review

The six principles are purposely flexible and broad to allow for the many situations organisations may find themselves in. In practice, the onus will be on the organisation to show that the procedures used are reasonable for that particular business or, why it would be unreasonable to expect the organisation to have certain procedures in place. The measures should be proportionate to the risk.

Ultimately, business leaders will need to ensure their organisation is taking a proactive approach; anti-fraud policies should be made widely available and complied with by all staff. Notable questions should be asked, i.e. where could fraud occur? How could fraud occur in a particular area? What could be done to minimise this risk? Asking these types of questions can help tailor risk assessments to businesses. Risk assessments should be conducted frequently to allow staff to become comfortable with preventative procedures. Moreover, such procedures will need to be regularly reviewed to make room for required updates.

Finally, and most importantly, organisations should be aware that doing nothing will likely be seen that reasonable fraud prevention measures were not in place, should the offence occur. Thus, organisations should begin reflecting and act now.

For more information and guidance, please see the guidance published by the Home Office here: Guidance to organisations on the offence of failure to prevent fraud.

Please feel free to reach out to our  corporate team. and we would be happy to help.